On Tue, Nov 30, 2010 at 11:48 AM, Avram Dumitrescu <phat at phat.ro> wrote:
> On boot it brings up eth0, eth1, ppp0 and runs the firewall script (in that order), and, until I manually ifdown/ifup eth0 it doesn’t do anything, the server on the other has access to the network but doesn’t resolve.
No, it's not a good idea to get the interfaces plumbed before the
firewall but I don't see a way to do that with PPPoE :P
The general way to get this to work on any Linux system is boot order
-- the PPPoE script needs to run immediately when the system wants to
plumb the Internet interfaces and there after start the firewall --
there will always be a small window where the Internet is plumbed
without a firewall but we are talking mere seconds.
The system should be taken off the network for testing -- make sure
the PPPoE handshake is happening in the correct order -- errors are OK
at this point, no errors and you have a problem. Next, while the
system is connected to the network see if it will handshake for an IP
address (errors are not OK at this point) -- if it isn't then there is
no real threat as there is likely no route to the system (IE, the
default route isn't set right.)
Test the boot order, make sure the system is starting up in a normal,
manageable way - IE, the Internet interfaces can be plumbed but no
INETD services need be started until AFTER the firewall is in place.
See?
Try this out:
http://www.akadia.com/services/pppoe_iptables.html
Then if you need more reading see these:
http://www.google.com/search?q=pppoe+before+firewall&ie=utf-8&oe=utf-8
HTH